Australia Post


AUDIT & RISK COMMITTEE CHARTER 


Effective: 25 June 2021 


Purpose 


1. The Audit & Risk Committee (Committee) is a committee of the Board of the Australian Postal 
Corporation (Australia Post). This Charter sets out the authority delegated by the Board to the 
Committee and the Committee’s responsibilities, powers, composition and operation. 


2. The primary function of the Committee is to provide oversight and review of financial reporting; 
performance reporting; system of risk oversight and management; system of internal control; and 
auditor independence and performance, and within the scope of its responsibility endorse certain 
matters for Board approval. 


Responsibilities 


3. The Committee has the following responsibilities: 


Financial Reporting 


3.1 review and advise the Board on the appropriateness of financial reporting for Australia Post,
including any specific areas of concern or suggestions for improvement.


3.2 review and endorse for Board approval the half-year and annual financial reports.


3.3 assess any proposed changes in accounting practices or policies.


3.4 note ASX certification representation from the Group Chief Executive Officer and Managing
Director (GCEO & MD) and Group Chief Financial Officer (GCFO) to support the Statutory
Financial Statements of Australia Post.


3.5 review any litigation, claim or other contingency, including tax assessments, which could have a
material effect upon the financial position or operating results. The Committee will also review
the manner in which these matters have been disclosed in the financial report.


3.6 discuss with the external auditor issues such as the clarity of Australia Post’s financial
disclosures and other significant decisions made by management in preparing the financial
report.


3.7 review the reliability and integrity of financial information and compliance with audit, accounting
and financial reporting obligations.


Performance Reporting 


3.8 review and advise the Board on the appropriateness of the systems and procedures for
assessing, monitoring and reporting on achievement of Australia Post’s performance, including
any specific areas of concern or suggestions for improvement.


3.9 review and endorse for Board approval the Annual Performance Statement.


3.10 review the proposed reporting of Australia Post’s performance to ensure that the information is
consistent with reported financial information.


3.11 review the performance information, systems and framework, and the completeness and
accuracy of performance reporting (including application of the PGPA Act, PGPA Rule and
supporting guidance) that underpin the performance reporting.


System of Risk Oversight and Management 


3.12 review and advise the Board on the appropriateness of the system of risk oversight and
management for Australia Post, including any specific areas of concern or suggestions for
improvement.


3.13 review and endorse for Board approval the Group Risk Management Framework and Group
Compliance Management Framework.


3.14 review and endorse for Board approval the Group Risk Appetite Statement.


3.15 review and have oversight over the organisation Risk Profile (which includes Tier 1 risks) in
conjunction with risk appetite settings, and ensure appropriate mitigation plans are in place.


3.16 review and have oversight over the progress of the capital investment plan.


3.17 review and have oversight over fraud risk.


3.18 review and have oversight over the adequacy of insurance coverage for Australia Post.


3.19 review and have oversight over Australia Post’s physical and digital continuity planning
arrangements, including whether business continuity and disaster recovery plans are
periodically updated and tested.


3.20 review the information security posture and controls and the mechanisms for reporting of
information security policy breaches.


System of Internal Control 


3.21 review and advise the Board on the appropriateness of the system of internal control for
Australia Post, including any specific areas of concern or suggestions for improvement.


3.22 review management’s approach to maintaining an effective internal control framework and
whether appropriate processes are in place for assessing whether key policies and procedures
are complied with.


(See also paragraphs 3.23 to 3.28 regarding Compliance Management and paragraphs 3.36 to 3.38 
regarding Internal Audit.) 


Compliance Management 


3.23 review and endorse for Board approval the Group Policy Governance Framework and material
policies, and otherwise fulfil the Committee’s responsibilities under that Framework.


3.24 monitor compliance with laws, regulations (including prescribed performance standards),
ministerial directions and government policy orders.


3.25 monitor material incidents impacting our major stakeholders, including customers, employees,
contractors, licensees, suppliers and partners.


3.26 review and endorse for Board approval the Authorised Representative’s Report for the
Australian Financial Services Licence.


3.27 monitor updates from management and General Counsel regarding compliance matters that
may have a material impact on Australia Post and the financial report.


3.28 monitor progress against responses to reports by regulatory bodies.


Audit Independence and Performance 


External Audit 


3.29 review the external auditors’ proposed audit scope, approach and budgeted fees for the current
year.


3.30 discuss with external auditors any difficulties encountered in the audit, including any restriction
on audit scope, access to information, and any significant resolved or unresolved disagreements
with management.


3.31 monitor the relationship between internal and external auditors.


3.32 review management letters containing material findings or recommendations raised by the
external auditors and monitor management action in response to findings.


3.33 meet in private with the external auditors, at least annually.


Internal Audit 


3.34 participate in the appointment, dismissal or replacement of the General Manager Internal Audit,
noting that the day-to-day reporting line of the role is to the GCFO and that the role is directly
accountable to the Chair of the Committee.


3.35 review annually the activities, funding (including consultation with the Committee Chair on
changes to the budget) and structure of the internal audit function, ensuring it is effective and
has appropriate standing.


3.36 approve the annual internal audit plan including the allocation of resources and to ensure the
plan is coordinated with external audit, covers higher-risk areas and provides assurance
regarding compliance with relevant laws and regulations and Australia Post policies and
procedures.


3.37 review significant internal audit findings and actions reported during the period and monitor the
nature and timeliness of management action in response to findings.


3.38 review an entity-wide assurance map that identifies key assurance arrangements.


3.39 review to ensure the objectivity of the internal audit function and that it is independent of
management influence.


3.40 review to ensure protocols are in place and adhered to, and approved annually by the
Committee, to ensure the independence of any internal audit co-source partner or other
third-party provider to the internal audit function.


3.41 meet in private with the General Manager Internal Audit and any internal audit co-source
partner, at least annually.


External Auditor Independence 


3.42 review and confirm the independence of the external auditors, the Australian National Audit
Office (ANAO) and their contractors.


Powers


4. The Committee is authorised to:


seek information it requires from any Australia Post employee and/or any external party; and 


obtain outside legal or other professional advice at Australia Post’s expense (in which case the 
Committee Chair will notify the Board Chair that such advice is being obtained) and initiate special 
investigations as deemed necessary. 


Structure and Composition of the Committee 


Membership 


5. The Committee will have a minimum of three members, consisting entirely of non-executive directors.
The Chair of the Board is not to be a member of the Committee. 


6. Members of the Committee must have appropriate qualifications, knowledge, skills or experience to 
assist the Committee to perform its functions. At least one member must possess accounting or 
related financial qualifications and experience. 


Appointment 


7. The Board shall appoint, replace or remove members to and from the Committee, and review the 
composition of the Committee at least annually. 


Chair


8. The Chair of the Committee will be nominated by the Board. Where the Committee Chair is unavailable
for a meeting, another Committee member will act in that capacity as chosen by the Committee
members present.


Operation of the Committee


Secretariat


9. All records, including agenda, minutes and any reports or recommendations will be prepared and kept 
by the Corporate Secretary. 


10. Meeting agenda and papers will be provided approximately one week prior to the meeting and draft 
minutes will be prepared in a timely manner (within approximately two weeks). 


11. All directors will be able to access Committee meeting papers and minutes on the secure digital Board 
Portal. 


Frequency of meetings 


12. The Committee will meet as frequently as is necessary to undertake its role effectively and in any event 
at least four times per year. 


Notice of meeting


13. Special meetings may be called at the request of any Committee member, the external auditor or
internal auditor. A notice of each meeting confirming the date, time, venue and agenda will be
forwarded to each member of the Committee as soon as practicable prior to the meeting date.


14. Committee meetings are permitted to be held in person, or by any technological means as consented to 
by the Chair of the Committee. 


Attendees


15. Non-Committee members such as executives and/or external parties who the Chair and members of
the Committee think fit may be invited to attend all or part of a Committee meeting but should not
participate if they have an interest in the matter under consideration.


16. It is expected that the GCEO & MD and the GCFO will attend meetings where appropriate.


17. Prior to each meeting, the Committee will convene privately (without management in attendance) in 
separate sessions with the internal auditor; GCFO; Chief Risk Officer; and external auditor. 


18. The General Manager Internal Audit, GCFO and the Chief Risk Officer have full access to the 
Committee. 


Quorum for meetings 


19. A quorum to transact the affairs of the Committee is two members or a majority of the Committee, 
whichever is greater. 


Committee member interests 


20. Members of the Committee will not participate in discussions and will not vote on any issues in respect 
of which there is an actual, potential or perceived conflict of interest. 


Formal mechanism for reporting key matters 


21. The Chair of the Committee shall report the findings and recommendations of the Committee to the 
Board after each Committee meeting, or as appropriate. 


Review and Assessment of the Committee 


Review of charter 


22. This Charter should be reviewed and updated at least annually, and changes required should be 
recommended to the Board for approval. 


23. The Charter will be accessible through the Australia Post website. 


Review of performance 


24. In order to ensure that the Committee is fulfilling its duties, it: 


• undertakes an annual self-assessment of its performance against the requirements of this Charter
and provides that information to the Board; and


• provides any information the Board may request to facilitate its review of the Committee’s
performance and its members.


